STAMP/STPA safety analysis of aircraft differential braking correction process

To prevent the occurrence of danger or accident during the correction process of all-electric differential braking, the safety problem was regarded as a control problem, and the safety analysis based on STAMP/STPA was carried out from the control point of view. First, based on the system-theoretic accident model and process (STAMP), the STAMP model of the aircraft all-electric differential braking system considering human-machine coordination was established to determine the control feedback relationship of the entire differential braking system. Then, the system theoretic process analysis (STPA) method was used to analyze the safety of the differential braking correction process, determine system-level accidents and hazards, identify potential risks and unsafe control actions (UCA), and conduct qualitative analysis of UCA from the aspects of control, feedback, and coordination. Finally, an airplane ground sliding model was established to simulate and analyze some unsafe control behaviors (UCA1, UCA2, and UCA5) that occurred during the correction process. Simulation results show that the differential braking action was not provided in the case of 1° initial yaw angle or 1 m/s continuous crosswind, and the aircraft was out of the runway after 5 s; the differential braking action delay occurred at 1° initial yaw angle (with no crosswind), and the aircraft was out of the runway when the delay was greater than 5 s. From the quantitative point of view, the safety constraints of the aircraft all-electric differential braking correction process were proposed, and the effectiveness of the STAMP/STPA method was verified. © 2020, Editorial Board of Journal of Harbin Institute of Technology. All right reserved.